Cryptographic Key Protection

What is White-Box Cryptography?

Cryptography is at the heart of secure communication worldwide, and has become an indispensable protection mechanism for securing systems, communications and applications. Cryptographic keys are the fundamental building block of this protection mechanism.

Keys are used to:

Protect digital assets, including media, software and devices

Encrypt user licenses

Bind devices

Prove identity

Secure communication against eavesdroppers

Protect Host Card Emulation (HCE)

Watch the short video to learn:

How cryptographic keys are being used in a variety of applications

Techniques hackers are leveraging to steal keys

Arxan’s unique approach to key protection (available through Arxan and through IBM as well)

While offering strong protection, cryptography assumes that cryptographic keys are kept absolutely secret. This assumption is very difficult to guarantee in real life, since applications and systems can be compromised relatively easily. Access to digital content, data and information systems is commonly protected by encryption, a first line of defense. However, encryption has a single point of failure: the point at which the decryption key is used. This point is easily identifiable through signature patterns and cryptographic routines. Once it is found, an attacker can easily navigate to where the keys will (typically) be constructed in memory. Subsequently, fatal exploits can be easily created. Keys are the critical component for securing systems, communication and applications, and therefore must be protected at all times.

The term “white-box cryptography” (WBC) describes a secure implementation of cryptographic algorithms in an execution environment, such as on a desktop computer or a mobile device, which is fully observable and modifiable by an attacker. White-box cryptography is intended for any security system that employs cryptographic algorithms and keys, and that is executed in an open and untrusted environment, such as on a desktop computer, mobile device, or embedded system. Examples of such systems are Digital Rights Management clients, Conditional Access Systems, game consoles, and set-top boxes.

Our solution, TransformIT®, is a sophisticated implementation of white-box cryptography. It combines mathematical algorithms with data and code obfuscation techniques to transform the key and related operations so that keys cannot be discovered. The keys are never present in either static form or runtime memory. TransformIT® works by clearly separating the data into two domains:

Open Domain – Contains data that the application needs to access. All code and data can be understood by the attacker

This approach, from an attacker’s point of view, makes it impossible to meaningfully interpret the data within the encrypted domain. TransformIT® works in conjunction with our patented guarding technology to provide comprehensive protection. It:

Provides keys in white-box form for use in the cryptographic operations performed

Allows both obfuscation and encryption on sensitive data and chained-together cryptographic operations, to reduce or remove the possibility of a successful attack

Arxan offers solutions for software running on mobile devices, desktops, servers, and embedded platforms – including those connected as part of the Internet of Things (IoT) – and is currently protecting applications running on more than 400 million devices across a range of industries.